Azure VM: Windows Updates Troubleshooting

아티클
1/17/2024

At this post, we are going to describe the ways that we can handle Windows Update issues in an Azure VM and of course in any other Windows OS.

Please check the disclaimer

↑ Back to top

Windows Update Service & Windows Temp Folder

The first and easiest step is to restart the Windows Update Service from the Windows Services panel as the image below shows.

We can also delete the Windows Temp folder files, by executing the following command in elevated CMD.

del %windir%\Temp\

If these steps don't solve the problem follow the next.

Windows Update Offline Installation

If the problem didn't solve with the previous step then, we can download the files for offline installation from the MS Update Catalog as the image below shows.

↑Back to top

Windows CMD Tools

System File Checker (SFC) command

The SFC command is used to verify and replace Windows system files.

To run

Open elevated CMD as Administrator
Type sfc /scannow and press Enter

After sfc scan completed, try to install windows updates and restart the computer.

Deployment Image Servicing and Management (DISM) Tool

The DISM is a command line tool which can be used to check the system files and try to restore them.

To run the DISM tool we must follow the next steps:

Open elevated CMD as Administrator
Type the following commands as the examples show

Check for corruption

Dism /Online /Cleanup-Image /ScanHealth

Scan and Repair the Windows image from any corruption

DISM.exe /Online /Cleanup-image /Restorehealth

Scan and Repair On-Line Image with own source files

DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess

Note

These actions might be delay we MUST wait until finished. Do not Cancel it.

If the problem is not solved and the issue persists, then we can manually reset the Windows Update Components and run the Windows Update process.

↑ Back to top

Windows Update Components Reset

Before we start we must clear out what are these Components and Services which we deal with.

Services

The Windows Update service (wuauserv/strong>), enables detection, download, installation of windows updates.
The Cryptographic service (cryptsvc), makes use of the %windir%\System32\catroot2\edb.log file for the updating process.
The Background Intelligent Transfer (bits) service, transfer files between a server and a client.
The Windows Installer service (msiserver), provides the Windows Installer (*.msi) package, to add ,modify and remove apps.

Folders

**Software Distribution **folder windows keep the Windows Updates history logs.
Catroot folder contains system files that are important for the Windows Update process actually store the signature of the Windows Update package.

To reset Windows Update Components we must follow the next steps:

Open a Command Prompt window as Admin
And start executing the following commands:

net stop wuauserv
net stop cryptsvc
net stop bits
net stop msiserver

Note

By executing the following commands the services BITS, MSI Installer, Windows Update, and Cryptographic service will stop.

Then rename the Software Distribution and Catroot2 folders from the elevated command prompt console.

ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 Catroot2.old

Finally, start the stopped services again, by executing the following commands:

net start wuauserv
net start cryptsvc
net start bits
net start msiserver

After those steps, try to install windows updates and restart the computer.

Component-Based Service (CBS) Logs

CBS Log is a file which includes logs for the components that they are installed or uninstalled during Windows Updates.
The CBS file is located in the Windows directory.

We can find CBS definitions in Windows Registry:

Cached State Location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\<package name>

Package Location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\<package name>

Delete The CBS log

We can delete this file by following the next steps:

Stop the Windows Update Service, delete the log and start the Windows Update Service.

net stop wuauserv
del %windir%\Logs\CBS\*.*
net start wuauserv

Cleaning CBS update pending records

Open the Regedit key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing and then delete PackagesPending.

If we don't have the required permissions to do this action, we must give by following the next directive.

Right-click the key PackagesPending and open Permissions. Click on Advanced and change owner to Administrator.

After deleting the key, we must restart the VM.

↑Back to top

Update Management

Azure gives the ability to users enable windowsupdate management from the Azure Portal.

To do that we must apply the following steps:

From the left VM main blade, select Operations - Update Management, and press Enable.

Until the solution is enabled we must wait for a few minutes.

After the solution is enabled in the Azure Portal, we have to wait up to 15' minutes for the VM configuration

At the final image, we have a view of the Update Management Portal, where there are no pending updates.

Summary

In this post, we read most of the ways that we can handle issues on the Windows Update system, not only in an Azure VM but in every Windows OS system. At the last chapter of this post, we read about the Update Management feature which gives everyone the ability to not be required to deal with Windows Updates.

다음을 통해 공유